Daily Ruleset Update Summary 2022/10/31

Summary:

8 new OPEN, 23 new PRO (8 + 15). Manjusaka, JS/AlterSave Skimmer, Win32.Agent.OSCF, CoinMiner.
Thanks @sansecio @corelight_inc

Please share issues, feedback, and requests at Feedback

Added rules:

Open:

2039601 - ET MALWARE Manjusaka C2 Client Heartbeat (malware.rules)
2039602 - ET MALWARE Manjusaka C2 Heartbeat Response (malware.rules)
2039603 - ET MALWARE JS/AlterSave Skimmer Payload Inbound M1 (malware.rules)
2039604 - ET MALWARE JS/AlterSave Skimmer Payload Inbound M2 (malware.rules)
2039605 - ET INFO GET Request Exfiltrating Username and Hostname (info.rules)
2039606 - ET MALWARE Malicious Doc CnC Domain (e-demarches .kodeo .ch) in DNS Lookup (malware.rules)
2039607 - ET MALWARE Win32.Agent.OSCF CnC Checkin (malware.rules)
2039608 - ET PHISHING Successful RBFCU Credential Phish 2022-10-31 (phishing.rules)

Pro:

2852726 - ETPRO COINMINER CoinMiner Known Malicious Stratum Authline (2022-10-29 1) (coinminer.rules)